Fix and test the github admin route

[paulmelnikow]

Fix regressions in the github admin and token acceptor endpoints, introduced in #1813.

[shields-ci]

	Warnings
⚠️	This PR modified helper functions in lib/ but not accompanying tests. That's okay so long as it's refactoring existing code.

	Messages
📖	✨ Thanks for your contribution to Shields, @paulmelnikow!

Generated by 🚫 dangerJS

[paulmelnikow]

It's a bit annoying this must be done manually. We may want to consider a different request library like got or axios.

[paulmelnikow]

Sentry issue: SHIELDS-1C

[paulmelnikow]

Sentry issue: SHIELDS-1D

[paulmelnikow]

Sentry issue: SHIELDS-1B

[PyvesB]

@paulmelnikow I'll look at this in the morning if no one has done so in the meantime. 😉

[PyvesB]

What was the regression that was introduced? Was it the usage of crypto.timingSafeEqual? The Sentry logs would probably answser my question, but I don't think I have access to them! 😄

[paulmelnikow]

What was the regression that was introduced? Was it the usage of crypto.timingSafeEqual?

Yes it was. That function accepts buffers, not strings, and does not accept undefined. There were actually two implementations of constEq in the codebase. Probably we could swap out the second for crypto.timingSafeEqual if we wrap some tests around isValidToken.

The Sentry logs would probably answser my question, but I don't think I have access to them! 😄

Indeed! It would be good to give access to more of the maintainers. I wonder if we were to write some guidelines, @espadrine would be open to adding more people.

[PyvesB]

Thanks for clarifying. I'm happy with the changes!

[paulmelnikow]

Thanks for reviewing!

[shields-deployment]

This pull request was merged to master branch. Now this change is waiting for deployment.
Deploys usually happen every few weeks. After deployment changes are copied to gh-pages branch.

This badge displays deployment status: